Hi,
I am pulling data from database to display it to the user. The user can perform some functions like file upload. Now when I let users upload the file, I am storing the path to the file in my database (& not the actual file itself). The path to access the file would be:

<a href = "../folder1/folder2/attachment.zip">Download attachment</a>

I am storing this file on my server (not in my database).
I am using the following query to display the data from database:

PHP Code:
 echo htmlentities($rows['message']); 
The problem is that when I try to display the data from database, the htmlentities function is not letting me make the link clickable whereas I want users to be able to click the link to be able to download the attachment.

It is displaying the data as:

<a href = "../folder1/folder2/attachment.zip">Download attachment</a>

whereas I want it to display as:

Download attachment

even after passing through htmlentities. I don't think using html_entity_decode will do any good as that will revert back any malicious input to its original state. I have data validation in place but still would like to use htmlentities to display the data from database & at the same time make the "Download Attachment" link click able. Any suggestions?

Thank you very much in advance. Looking forward for your replies.